Cisco 3945路由器密码恢复，rommon模式操作详解

Cisco 3945路由器密码恢复，rommon模式操作详解

    在一次客户的网络出现故障，网络中断，排除故障的原因，发现到达路由器地址不通； 观察到路由器接口灯全部熄灭，电源状态正常；

然后使用console线连接设备后，连续出现以下信息：

System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2012 by cisco Systems, Inc.

我推测是设备的Flash卡有问题，导致系统不能正常加载；

设备坏了，咱可以换，只可惜客户这边没有专业的运维人员，在以前配置完后也没保存配置；这不可就为难我了；

经过我不懈的尝试，设备多重启几次偶尔有一次是可以正常加载系统并恢复正常，但是好像只能维持5分钟左右，赶紧试试客户给的密码，结果都不对。估计我出门没烧香；

下面就是展现我真正实力的时候了：

先梳理一下流程：

此时有正常启动的几率--->但是不知道enable密码--->恢复密码--->查看原来的配置；

1、我把Flash卡拔掉，让系统加载rommon模式：

此时加电：

Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB

CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory

Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled

Readonly ROMMON initialized

终于进入rommon模式了,先来个问号,看看都可以干嘛；

rommon 1 > ?

alias               set and display aliases command

boot                boot up an external process

break               set/show/clear the breakpoint

confreg             configuration register utility

cont                continue executing a downloaded image

context             display the context of a loaded image

cookie              display contents of motherboard cookie PROM in hex

dev                 list the device table

dir                 list files in file system

frame               print out a selected stack frame

help                monitor builtin command help

history             monitor command history

iomemset            set IO memory percent

meminfo             main memory information

repeat              repeat a monitor command

reset               system reset

rommon-pref         Select ROMMON

set                 display the monitor variables

showmon             display currently selected ROM monitor

stack               produce a stack trace

sync                write monitor environment to NVRAM

sysret              print out info from last system return

tftpdnld            tftp image download

unalias             unset an alias

unset               unset a monitor variable

hwpart              Read HW resources partition

rommon 2 > dev   //查看设备表

Devices in device table:

        id  name

   flash0:  compact flash 0            

    flash:  compact flash 0            

   flash1:  compact flash 1            

bootflash:  boot flash                 

usbflash0:  usbflash0                  

usbflash1:  usbflash1     

我把Flash怼回去 在Flash1中看到了它里面的文件；            

rommon 3 > dir flash1:/

program load complete, entry point: 0x4000000, size: 0x18fa0

Directory of flash1:/

2      96183024  -rw-     c3900-universalk9-mz.SPA.153-3.M.bin

23485    2903      -rw-     cpconfig-39xx.cfg

23486    2999808   -rw-     cpexpress.tar

24219    1038      -rw-     home.shtml

24220    115712    -rw-     home.tar

24249    1697952   -rw-     securedesktop-ios-3.1.1.45-k9.pkg

24664    415956    -rw-     sslclient-win-1.1.4.176.pkg

0      0         -rw-     crashinfo_20181128-025939-UTC

24834    363143    -rw-     crashinfo_20181129-041102-UTC   //一堆系统崩溃信息；

24923    328800    -rw-     crashinfo_20181129-060619-UTC

25004    331573    -rw-     crashinfo_20181129-120924-UTC

25085    323167    -rw-     crashinfo_20181210-191214-UTC

下面开始恢复密码：

需要修改寄存器的值，然后重启就行了；

rommon 6 > confreg    //输入confreg  ，下面显示了当前寄存器的数值

           Configuration Summary

   (Virtual Configuration Register: 0x2102)

enabled are:

load rom after netboot fails

console baud: 9600

boot: image specified by the boot system commands

      or default to: cisco2-C3900-SPE150/K9

出现以下提示 ：

do you wish to change the configuration? y/n  [n]:  y   //你希望改变的配置?y / n[n]:输入yes

enable  "diagnostic mode"? y/n  [n]:    //下面几个默认就行

enable  "use net in IP bcast address"? y/n  [n]:  

disable "load rom after netboot fails"? y/n  [n]:  

enable  "use all zero broadcast"? y/n  [n]:  

enable  "break/abort has effect"? y/n  [n]:  

enable  "ignore system config info"? y/n  [n]:  y    //到这里 启用忽略系统配置信息 输入yes

change console baud rate? y/n  [n]:  

change the boot characteristics? y/n  [n]:  

           Configuration Summary

   (Virtual Configuration Register: 0x2142)   //寄存器值已经更改，接下来重启就行了；

do you wish to change the configuration? y/n  [n]:  n    //输入no

You must reset or power cycle for new config to take effect

接下来重启设备，成功捏把汗，失败再重来！

rommon 7 > reset   

System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2012 by cisco Systems, Inc.

Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB

CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory

Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled

Readonly ROMMON initialized

Compact Flash0: Not present

System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2012 by cisco Systems, Inc.

Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB

CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory

Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled

Readonly ROMMON initialized

program load complete, entry point: 0x4000000, size: 0x18fa0

program load complete, entry point: 0x4000000, size: 0x18fa0

IOS Image Load Test 

___________________ 

Digitally Signed Release Software 

program load complete, entry point: 0x4000000, size: 0x5bb9ee0

Self decompressing the image : ############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################# [OK]

*** No sreloc section

Smart Init is enabled

smart init is sizing iomem

                 TYPE      MEMORY_REQ

           OIR memory      0x01800000

    Onboard devices &

         buffer pools      0x0230F000 

-----------------------------------------------

               TOTAL:      0x03B0F000

Rounded IOMEM up to: 60Mb.

Using 5 percent iomem. [60Mb/1024Mb]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.

           170 West Tasman Drive

           San Jose, California 95134-1706

Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.3(3)M, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Mon 22-Jul-13 01:55 by prod_rel_team

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Installed image archive

Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 987136K/61440K bytes of memory.

Processor board ID **********

3 Gigabit Ethernet interfaces

1 terminal line

1 Virtual Private Network (×××) Module

DRAM configuration is 72 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

250880K bytes of ATA CompactFlash 1 (Read/Write)

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

% Crashinfo may not be recovered at flash:crashinfo

% This file system device reports an error

Press RETURN to get started!

*Jan  2 00:00:01.427: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3900 Next reboot level = ipbasek9 and License = ipbasek9

*Jan  2 00:00:01.467: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3900 Next reboot level = securityk9 and License = securityk9

*Mar  1 06:35:34.627: c3600_scp_set_dstaddr2_idb(184)add = 80 name is Embedded-Service-Engine0/0

*Mar  1 06:35:35.411: %×××_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized 

*Mar  1 06:35:35.411: %×××_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled 

*Mar  1 06:35:43.851: %SW_VLAN-4-IFS_FAILURE: VLAN manager encountered file operation error: call = ifs_open/read / code = 2595 (No such device)

    / bytes transfered = 0

*Mar  1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down

*Mar  1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down

*Mar  1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down

*Mar  1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

*Mar  1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

*Mar  1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down

*Mar  1 06:35:45.459: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuration is ignored based on the configuration register setting.

*Mar  1 06:36:01.083: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.3(3)M, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Mon 22-Jul-13 01:55 by prod_rel_team

*Mar  1 06:36:01.119: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start

*Mar  1 06:36:01.191: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*Mar  1 06:36:01.191: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF

*Mar  1 06:36:02.691: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down

*Mar  1 06:36:02.691: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down

*Mar  1 06:36:02.743: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down

*Mar  1 06:36:02.827: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down

*Mar  1 06:36:03.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down

Router>

很OK，成功了； 

Router>

Router>en

Router#

Router#show run

Router#show running-config 

Building configuration...

Current configuration : 1022 bytes

!

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!         

!

ip cef

no ipv6 cef

!

!

multilink bundle-name authenticated

!

!!

!

redundancy

!

!

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface GigabitEthernet0/2

 no ip address

 shutdown 

 duplex auto

 speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 login

 transport input all

!

scheduler allocate 20000 1000

!

end

Router#

Router#show startup-config    //查看原来的配置，记得保存下来

Using 6903 out of 262136 bytes

!

! Last configuration change at 04:46:13 UTC Fri Oct 26 2018

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Return

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

enable password  cisco

!

no aaa new-model

!

!

!

!

no ip domain lookup

ip cef

no ipv6 cef

!

!

multilink bundle-name authenticated

!

!

!         

redundancy

!

!

!

!

interface Loopback0

 ip address 192.168.1.1 255.255.255.255

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 description <<to_BJ_4M>>

 ip address 102.10.10.1 255.255.255.0

 ip access-group wireless out

 ip ospf hello-interval 3

 ip ospf cost 10

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 description <<TO-SW2-G0/24>>

 ip address 102.123.134.1 255.255.255.0

 duplex auto

 speed auto

!

interface GigabitEthernet0/2

 description <<TO-SW1-G0/24>>

 ip address 102.123.150.1 255.255.255.0

 duplex auto

 speed auto

!

interface GigabitEthernet0/0/0

 no ip address

!         

interface GigabitEthernet0/0/1

 no ip address

!

interface GigabitEthernet0/0/2

 no ip address

!

interface GigabitEthernet0/0/3

 no ip address

!

interface Vlan1

 no ip address

  哈哈 ，如果帮到你了，记得点赞哦！